SHA256: 392d9dbe6c4b56055487c141d968c8c2f64e7ed02d6793eaba09f7675193c08e
File name: 3316ddbf7353c726eb13a7e9cb83be50
Detection ratio: 50 / 68
Analysis date: 2019-03-14 15:42:10 UTC ( 1 week, 4 days ago )
Antivirus Result Update
Acronis suspicious 20190313
Ad-Aware Win32.Ramnit.Y 20190314
AhnLab-V3 Win32/Ramnit.S 20190314
ALYac Win32.Ramnit.Y 20190314
Antiy-AVL Virus/Win32.Ramnit.am 20190314
Arcabit Win32.Ramnit.Y 20190314
Avast Win32:Rootkit-gen [Rtk] 20190314
AVG Win32:Rootkit-gen [Rtk] 20190314
Avira (no cloud) W32/Nimnul.D 20190314
Baidu Win32.Virus.Nimnul.dan 20190306
BitDefender Win32.Ramnit.Y 20190314
CAT-QuickHeal W32.Nimnul.F 20190314
CMC Virus.Win32.Ramnit.2!O 20190314
Comodo Virus.Win32.Ramnit.GENV@4roe85 20190314
CrowdStrike Falcon (ML) win/malicious_confidence_100% (D) 20190212
Cyren W32/Nimnul.A!Generic 20190314
DrWeb Trojan.DownLoader26.29786 20190314
Emsisoft Win32.Ramnit.Y (B) 20190314
Endgame malicious (high confidence) 20190215
ESET-NOD32 a variant of Win32/Ramnit.AM 20190314
F-Prot W32/Nimnul.A!Generic 20190314
F-Secure Malware.W32/Nimnul.D 20190314
Fortinet W32/Ramnit.AM 20190314
GData Win32.Ramnit.Y 20190314
Ikarus Virus.Win32.Nimnul 20190314
Sophos ML heuristic 20190313
Jiangmin Win32/Nimnul.d 20190314
K7AntiVirus Virus ( 004c861e1 ) 20190314
K7GW Virus ( 004c861e1 ) 20190314
Kaspersky Trojan.Win32.Blouiroet.b 20190314
Malwarebytes Trojan.Downloader.RU.Generic 20190314
MAX malware (ai score=80) 20190314
McAfee W32/Ramnit.o 20190314
McAfee-GW-Edition BehavesLike.Win32.Generic.fc 20190314
Microsoft Virus:Win32/Ramnit.AH 20190314
eScan Win32.Ramnit.Y 20190314
NANO-Antivirus Virus.Win32.Nimnul.bauhiz 20190314
Palo Alto Networks (Known Signatures) generic.ml 20190314
Qihoo-360 HEUR/QVM40.1.D737.Malware.Gen 20190314
Rising Malware.Undefined!8.C/N3#77% (RDM+:cmRtazpXuATHqN19ZOzCB/bv/1U0) 20190314
SentinelOne (Static ML) DFI - Malicious PE 20190311
Sophos AV W32/Ramnit-BD 20190314
Symantec Trojan.Dropper 20190314
TACHYON Virus/W32.Ramnit.D 20190314
Tencent Virus.Win32.Nimnul.b 20190314
TrendMicro PE_RAMNIT.SM 20190314
TrendMicro-HouseCall PE_RAMNIT.SM 20190314
VBA32 Virus.Nimnul.ea 20190314
Zillya Virus.Nimnul.Win32.2 20190314
ZoneAlarm by Check Point Trojan.Win32.Blouiroet.b 20190314
AegisLab 20190314
Alibaba 20190306
Avast-Mobile 20190314
Babable 20180918
Bkav 20190314
ClamAV 20190314
Cybereason 20190109
eGambit 20190314
Kingsoft 20190314
Panda 20190314
SUPERAntiSpyware 20190314
Symantec Mobile Insight 20190220
TheHacker 20190308
TotalDefense 20190314
Trapmine 20190301
Trustlook 20190314
ViRobot 20190314
Webroot 20190314
Yandex 20190314
Zoner 20190314
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT embedded
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-01-10 16:56:25
Entry Point 0x00001463
Number of sections 5
PE sections
Overlays
MD5 693e9af84d3dfcc71e640e005bdc5e2e
File type ASCII text
Offset 372736
Size 3
Entropy 0.00
PE imports
GetLastError
InitializeCriticalSectionAndSpinCount
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LCMapStringW
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
ExitProcess
TlsAlloc
GetEnvironmentStringsW
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetModuleFileNameA
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
HeapSize
GetCurrentProcessId
ReadConsoleW
GetCommandLineW
GetCPInfo
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetStartupInfoW
SetFilePointerEx
FreeEnvironmentStringsW
GetCommandLineA
GetProcAddress
InitializeSListHead
GetProcessHeap
SetStdHandle
RaiseException
WideCharToMultiByte
TlsFree
InterlockedFlushSList
FindFirstFileExA
ReadFile
SetUnhandledExceptionFilter
WriteFile
CloseHandle
GetSystemTimeAsFileTime
FindNextFileA
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetOEMCP
TerminateProcess
CreateProcessA
GetModuleHandleExW
IsValidCodePage
CreateFileW
FindClose
TlsGetValue
GetFileType
SetEndOfFile
TlsSetValue
HeapAlloc
GetCurrentThreadId
WriteConsoleW
VirtualAlloc
SetLastError
LeaveCriticalSection
InternetReadFile
InternetOpenUrlA
InternetCloseHandle
InternetOpenA
Number of PE resources by type
RT_MANIFEST 1
AMEJSVFVE 1
Number of PE resources by language
NEUTRAL 1
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
SubsystemVersion 6.0
MachineType Intel 386 or later, and compatibles
TimeStamp 2018:01:10 17:56:25+01:00
FileType Win32 DLL
PEType PE32
CodeSize 51712
LinkerVersion 14.1
FileTypeExtension dll
InitializedDataSize 320000
ImageFileCharacteristics Executable, 32-bit, DLL
EntryPoint 0x1463
OSVersion 6.0
ImageVersion 0.0
UninitializedDataSize 0

File identification
MD5 3316ddbf7353c726eb13a7e9cb83be50
SHA1 7d9ef56a183ec005a240ff7bb23415e701f2cac8
SHA256 392d9dbe6c4b56055487c141d968c8c2f64e7ed02d6793eaba09f7675193c08e
ssdeep 6144:Fhn5Fs7RcWkYDFdlNFzH/5J/0jW7UsRPOOm3om4sKXYWqN5+FO/iIUl4:g7Aef5xKskVwHqM4iIUl4

authentihash 0a25a152853ff748e626518c610c98fe6a329011bd9cceca479bb5688f8cda43
imphash 48a7caaef4d0fbfffc0d09251f977371
File size 364.0 KB ( 372739 bytes )
File type Win32 DLL
Magic literal PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win64 Executable (generic) (72.3%)
Win32 Executable (generic) (11.8%)
OS/2 Executable (generic) (5.3%)
Generic Win/DOS Executable (5.2%)
DOS Executable Generic (5.2%)
Tags honeypot pedll overlay

VirusTotal metadata
First submission 2019-03-14 15:42:10 UTC ( 1 week, 4 days ago )
Last submission 2019-03-14 15:42:10 UTC ( 1 week, 4 days ago )